mrasiankix Posted September 18, 2008 Share Posted September 18, 2008 does anyone know of or have a script to prevent users from using proxies? Quote Link to comment Share on other sites More sharing options...
Floydian Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies Were you looking for a free script or a really good premium paid script? Okay, now that my sales deal is out of the way. Your only good option for blocking proxies is to maintain a database of proxies and simply match up the REMOTE_ADDR to the proxies in your database. I should say that that is the only direct option. Of course proxies are changing all the time and you'd have to maintain that list of proxies which itself will likely have to be paid for. Personally, I recommend two things: Recording IP's when a user registers, logs in, and on every page load. At least you can see changes over time with that, and in combination with this is having a vigilant staff. The second thing I recommend is using cookies to track users with in combination to IPs. It works as good as leading cattle to the slaughter. Quote Link to comment Share on other sites More sharing options...
Cronus Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies Blocking proxies is not going to work. Good staff monitoring transfers and a good IP checking script is all you really need. Quote Link to comment Share on other sites More sharing options...
POG1 Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies what about AOL users? Quote Link to comment Share on other sites More sharing options...
Floydian Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies That's where my cookie sigs mod comes in. It only matches users, and never provides false results. Yeah, it can miss some folks, but when it finds a match, there's no denying it's a match since a cookie is set to the computer itself and not dependant on AOL or any proxy ;) Quote Link to comment Share on other sites More sharing options...
Cronus Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies That's where my cookie sigs mod comes in. It only matches users, and never provides false results. Yeah, it can miss some folks, but when it finds a match, there's no denying it's a match since a cookie is set to the computer itself and not dependant on AOL or any proxy ;) Lots of people delete cookies so that won't work. I have my firefox set to delete cookies everytime I close the browser. Quote Link to comment Share on other sites More sharing options...
Floydian Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies It works, ;) Like I said, it's not 100%. It should be used in combination with IP recording and diligent staff work. You'd be surprised how many folks I've caught with the cookie signatures... (so you can't tell me it hasn't worked, you can only say it's not 100%) Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted September 18, 2008 Share Posted September 18, 2008 Re: script to prevent users to register or login using proxies Yup, does work, nicely. Personally I've been known to use a method similar to Floydians as a secondary, plus three other - and (almost) forget staff. The machine is far better at multi tracking than staff can be, however human intuition does come into it. Quote Link to comment Share on other sites More sharing options...
mdshare Posted September 19, 2008 Share Posted September 19, 2008 Re: script to prevent users to register or login using proxies IP alone is flawed I'm sure nyna will agree with that part IP + cookie is better but still flawed IP + cookie + ???? + human intuition is excellent and still not perfect Quote Link to comment Share on other sites More sharing options...
Floydian Posted September 19, 2008 Share Posted September 19, 2008 Re: script to prevent users to register or login using proxies Yup, that's about the best you can do. The big thing is, everyone that cheats screws up sooner or later. With IP's and cookies in place, they'll be hard pressed to keep up the charade for long... Quote Link to comment Share on other sites More sharing options...
Cronus Posted September 19, 2008 Share Posted September 19, 2008 Re: script to prevent users to register or login using proxies It works, ;) Like I said, it's not 100%. It should be used in combination with IP recording and diligent staff work. You'd be surprised how many folks I've caught with the cookie signatures... (so you can't tell me it hasn't worked, you can only say it's not 100%) I didn't say it won't work. I'm saying someone who has decent knowledge online knows to delete their cookies. Lots of adware and whatnot comes through there and its good to remove it. Even if you do have to re-login every time you close a browser. IP tracking is the way I plan on doing it and have developed a very good system(I think). Human log watching is effective, but again flawed, humans can only do so much. =P Quote Link to comment Share on other sites More sharing options...
Floydian Posted September 19, 2008 Share Posted September 19, 2008 Re: script to prevent users to register or login using proxies lol You're saying you will only use IP's because there's flaws in other methods. And yet, there's flaws in IP tracking. See the flaw in your logic? Look at it this way, it's like having multiple filters. Some filters will only filter out one kind of thing, and another filter will filter out another thing. It's when you combine multiple filters, that you get the maximum chances of blocking the bad guys. But by all means, go without it. It's not like it's hard to code up though... Quote Link to comment Share on other sites More sharing options...
codestryke Posted December 21, 2008 Share Posted December 21, 2008 Re: script to prevent users to register or login using proxies We use a 3 tier approach and it's worked out very well thus far. Like everyone has said it still requires human intervention, nothing on a web based game is 100%... IP Cookies Then check the following headers HTTP_X_FORWARDED_FOR HTTP_PROXY_CONNECTION HTTP_VIA Any of these answer up then it's a proxy and probably a good one (AOL etc) because they answered up as a proxy and let us know it's a proxy. If they don't answer up as a proxy (like most anonymous proxy services) we then go the RBL check (Realtime Block List). We subscribe to 2 moderate RBL servers. When it first went online I used strict servers and they were, well, VERY strict and blocked a lot more players then we thought they should. If the RBL records a hit we either mark them in the logs or we just block the signup process right there. The choice is based on which game, some of our games we are less strict as they don't tend to attract problem players. Once again not 100% but it's taken our multi check from an all day affair to less then an hour every couple days. So for us it's "good enough". -------- Edit... Also I have to note we do track a login history. So as someone aboved mentioned you can delete cookies, however, this is logged and scrubbed nightly. So if a player logs in and has cookie, then logs in later with no cookie this account is flagged to let us know they cookie is missing. Not always a bad thing but can sometimes alert you to a possible problem down the road. Quote Link to comment Share on other sites More sharing options...
Floydian Posted December 21, 2008 Share Posted December 21, 2008 Re: script to prevent users to register or login using proxies lol yup, a missing cookie count is a great way to flag accounts. There's no way to get around cookie tracking using that. You either have the cookie or you don't. Either way, it's trackable... Quote Link to comment Share on other sites More sharing options...
John99 Posted January 3, 2009 Share Posted January 3, 2009 Re: script to prevent users to register or login using proxies Ya i delete my cookies every 2 hours :P or every time i close the browser :D Quote Link to comment Share on other sites More sharing options...
Floydian Posted January 3, 2009 Share Posted January 3, 2009 Re: script to prevent users to register or login using proxies I normally eat mine after dinner Quote Link to comment Share on other sites More sharing options...
POG1 Posted January 13, 2009 Share Posted January 13, 2009 Re: script to prevent users to register or login using proxies Ya i delete my cookies every 2 hours :P or every time i close the browser :D every 2 hours? :S Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted January 13, 2009 Share Posted January 13, 2009 Re: script to prevent users to register or login using proxies Good method corestryke. Quote Link to comment Share on other sites More sharing options...
Dave Posted February 12, 2009 Share Posted February 12, 2009 Re: script to prevent users to register or login using proxies hmm, Surely there would be a way to stop a CGI-Proxy? Just check whats in the Address bar and if its not the site die an error? or does a CGI-Proxy work differently (Never even looked at a CGI script) Quote Link to comment Share on other sites More sharing options...
Haunted Dawg Posted February 12, 2009 Share Posted February 12, 2009 Re: script to prevent users to register or login using proxies Majority of the "good" proxy's. They fool your $_SERVER[] array. Meaningless by putting: $_SERVER['REMOTE_ADDR']; it is basicly conecting to the proxy's IP. $_SERVER['PHP_SELF']; Also being fooled by the proxy to what ever URL you are clicking. $_SERVER['HTTP_HOST'] Normaly would be domain.com or www.domain.com Unfortunatly, we use a proxy we normaly get gproxy.net/rip?domain=hashed domain etc $_SERVER['HTTP_HOST'] then again is being fooled to being "hashed domain" Of course before it send's it. It unhashes the domain. There for fooling every $_SERVER[] command. Use a proxy. Go to a test page. And put this in your test page: var_dump($_SERVER); Quote Link to comment Share on other sites More sharing options...
Dave Posted February 13, 2009 Share Posted February 13, 2009 Re: script to prevent users to register or login using proxies Thanks killah :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.